0 Replies Latest reply: Aug 10, 2017 11:40 AM by Andrew Lagomarcino

Looking to convert WCCP to application port-only ACL

Andrew Lagomarcino

I am in charge of about 16 Riverbed Steelhead CX appliance models (running 9.6.0a) ranging from CX570 to CX7055, and since I took them over I've been looking to refresh the design and redirect policy we've been using.

Today all 12 sites I manage have WCCP virtual in-path interfaces, and the ACLs are different at every site. To mitigate issues with not redirecting the traffic on one leg of the path because the ACL is different, I am proposing that we standardize on the SAME EXACT ACL at every location. Moreover, I want to create an ACL where we are only classifying based upon ports. I am looking to redirect:

NEW ACL (bi-directional)

tcp/20

tcp/21

tcp/80

tcp/445

tcp/1352

tcp/1364

tcp/8080

-------------------

Considering but not sure if I should add right away

tcp/1576

tcp/1556 (Veritas NetBackup PBX)

tcp/389 (LDAP)

tcp/9997 (Splunk Indexer)

tcp/25

tcp/1700 (MQ)

Rest of the Oracle ports

 

I've seen these ports above see great compression and optimization looking at the CMC application stats, but I am just a little scared because our previous Riverbed admin said that we've been bitten by issues with SSH, proxy (8080), and SMB being slower in the past (8.5 code), and I don't want to run into any gotchas where I need to tweak policy. Are these ports safe to add to the redirect list?
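
Added example (not part of the original post, and not Riverbed or router vendor code): one way to keep the port-only redirect ACL identical at every site is to render it from a single port list and audit each site's ACL for a missing leg. The ports are the "NEW ACL" list from the post; the Cisco IOS-style ACL syntax, the ACL name and the sample site ACL are assumptions.

```python
import re

# Ports from the post's "NEW ACL (bi-directional)" list.
REDIRECT_PORTS = [20, 21, 80, 445, 1352, 1364, 8080]
ACL_NAME = "WCCP-REDIRECT"  # hypothetical name, not from the post


def render_acl(ports=REDIRECT_PORTS, name=ACL_NAME):
    """Render one ACL that matches each port as destination AND as source."""
    lines = [f"ip access-list extended {name}"]
    for p in sorted(set(ports)):
        lines.append(f" permit tcp any any eq {p}")  # client -> server leg
        lines.append(f" permit tcp any eq {p} any")  # server -> client leg
    return "\n".join(lines) + "\n"


_RULE = re.compile(r"^\s*permit tcp any (?:eq (\d+) any|any eq (\d+))\s*$")


def parse_rules(acl_text):
    """Return {("src"|"dst", port)} for every port-only permit line."""
    rules = set()
    for line in acl_text.splitlines():
        m = _RULE.match(line)
        if m:
            src, dst = m.groups()
            rules.add(("src", int(src)) if src else ("dst", int(dst)))
    return rules


def audit_site(acl_text, ports=REDIRECT_PORTS):
    """Report legs missing from, or extra to, the standard list for one site."""
    want = {(d, p) for p in ports for d in ("src", "dst")}
    have = parse_rules(acl_text)
    return {"missing": sorted(want - have), "extra": sorted(have - want)}


# Constructed sample: a site whose ACL lost the return leg for tcp/445
# and carries one port outside the standard list.
SITE_B = render_acl().replace(" permit tcp any eq 445 any\n",
                              " permit tcp any any eq 22\n")

if __name__ == "__main__":
    print(render_acl())
    print("site B drift:", audit_site(SITE_B))
```

A "missing" entry with direction "src" means the server-to-client leg for that port is not redirected at that site, which is the one-leg mismatch the post wants to eliminate.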